DNS updates are daily. The problem is occurring every few weeks. Perhaps it is DNS but wouldn't the problem happen more frequently?

On another note, MS had me apply hotfix KB939820 on the Windows 2003 DC in my environment. Not sure if that fixed things or not since it was two weeks ago. No issues since deploying but the problem typically happens every three weeks which happens to be the same time the machine will renew its machine password.

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1248). Topology discovery failed, error 0x80040952 (LDAP_LOCAL_ERROR (Client-side internal error or bad LDAP message)). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

Thanks, I can confirm both of the above are OK. Thanks for your idea relating to the default domain policy.

I am wondering if it is an issue with the VMware server builds, as they were all deployed from the same virtual machine template (which I didn't build); however, I did build the two physical ones from scratch.

I am having the exact same issue so you are not alone. I have been on the phone with MS support and no resolution has been identified yet.

If I reboot the server it will start to work again until the issue occurs on another server. The environment has six VM servers in two AD Sites. Exchange servers in both sites are having the problem, they are intermittent and only occur (so far) on one server at a time while the other servers function fine.

Exactly the same, do you have a CAS Array at all? I began to think whether it was the unicast traffic from the NLB which was flooding the switch, but then after reading, VMware don't allow unicast out of the virtual infrastructure, so that cannot be the case.

Are they all VMware? My physical test server has not had the problem as of yet.

I have deployed Exchange a number of times on VMware and have not seen this issue.

I actually had it happen to one of the mailbox servers last week which was the first time. I started to see this problem for this client in November of 2010. Hard to troubleshoot it since I cannot make it occur by doing a specific task etc.

I can confirm that my physical CAS Server has not had this issue, whereas my virtual CAS Server (I've shut down one part of the Virtual CAS Array to bring the physical server up) which existed beforehand, experienced the domain controller fault last weekend.

This caused the BlackBerry Server to first notice the outage reporting unavailable MAPI Mailboxes, and then my monitoring and alerting systems saw the event IDs referring to both the AD Topology discovery failures and the Active Sync IIS Pools also failing due to loss of AD Connectivity.

During this period, the physical CAS Server functioned fine when a DNS Record was flipped. The only way to bring this back was to reboot the server, restarting the Exchange services this time meant that it couldn't authenticate to start them again, and the group policy components also reported as unable to read.

1. The 2k8 R2 template the VMware machines were deployed from.
2. The behaviour of memory/CPU on VMware guest machines vs physical.
3. Some odd behaviours of the Virtual Switches which are not affecting the physical CAS Server.

Hello,

I stumbled upon this thread looking for something else on domain controllers. I was at a TechNet seminar last year and watched a presentation, I believe Mark Minasi, on this subject. What he was talking about is creating multiple servers from one VM image and making them domain controllers and how eventually they would all use the same computer SID and the servers might have authentication problems. Eventually the servers\domain controller would start functioning incorrectly. The seminar was also explaining why not to use images to back up domain controllers. I'm not saying this is the answer but maybe it will lead you to the right path.

Thanks td711 for your feedback, I can confirm that our computer account SIDs are separate according to PowerShell.

I would be keen to have a link to that seminar though?

I have now had this issue happen to my physical Exchange Server, the server cycled through all DC/GCs before finally giving up and stopping communication to the domain.

The thing which was similar between the physical and virtual is that they both use the same preferred virtual domain controllers.

I have now coded the physical server to only use our physical GC/DCs. Interesting though that restarting the services worked this time, without restarting the server!

I have checked the domain controller policies regarding security auditing and logs, and they are fine, the other thing I have noticed is that the !default domain policy is set to enforced, a previous employee must have done this,

However the settings for domain controllers are also enforced and take precedence.

Hello,

We have the same behaviour. But we have only one Exchange 2010 on a physical machine, 2 DCs (one physical still Win 2003, one Hyper-V machine Win 2008).

The described errors occur occasionally, especially at night. Then the network can be a little busy with monitoring and backup jobs. But the DCs are available all the time. Other services on the network don't report any problems.

Please do spill the beans on the solutions, as without thinking now there is a design flaw, I am losing faith in 2010 and before I remove my 2007 server from the domain, I still have the choice of going back.